Security
FEATURE
Got Discipline?

  May 29, 2003
  By Mike Fratto



Complying With the Feds


If your organization is in the financial or health sector, you no doubt are familiar with the Gramm-Leach-Bliley Act (GLBA) or the Health Insurance Portability and Accountability Act (HIPAA). Both mandate specific actions to protect the security and privacy of customer and patient information, respectively. They affect how organizations collect, store, transmit and allow access to nonpublic information that can be individually identified to a customer receiving a financial product or service or a patient receiving health care. But neither act spells out specific hardware or software solutions that you need to implement to comply with the law.

IT is good at providing practical solutions to network management and security problems. Many of the technologies that apply to both GLBA and HIPAA, such as authentication schemes for identity management, encryption for data transmission, secure VPNs for remote access, and access controls for data storage, are in place. But IT is not so good at documenting the solutions used to meet the legal requirements in laws like GLBA and HIPAA. And that's where policy management can help.

Policy-management tools, such as BindView Policy Operations Center, bring together policy templates linked to specific requirements of GLBA and HIPAA. These templates can be used to form a written policy that addresses legal requirements. In the case of GLBA, it can be tailored for the size and complexity of your organization. For HIPAA, it can scale to the cost of the solution. These policy tools not only apply the law, they also suggest industry practices to bring you toward compliance. For example, if your enterprise uses WLANs, BindView suggests IEEE WLAN security features, including WEP (Wired Equivalent Privacy) and MAC (Media Access Control) filtering, to protect customer information and assets. It also includes asset-protection standards for devices, such as firewalls and routers, and operating systems. --Sean Doherty

Resources

GLBA Interagency Guidelines Establishing Standards for Safeguarding Customer Information

HIPAA Privacy Rules, aspe.os.

HIPAA Security Rules

"Final HIPAA Rules Hit the Street," (InformationWeek, Feb. 13, 2003)

